At the time of launch, the Trojan using a special decrypts library contained in the two packages APK resources (from file called Android Package), and then using the method DexClassLoader (i.e., without user input) is loaded into memory contained therein executable Dex – detected by Dr.Web as Android.DownLoader.57.origin and Android.DownLoader.60.origin. If the activation is successful, these programs establish a connection with a remote server, where they receive a list of applications to be downloaded to the mobile device data.
At the same time, at specified intervals, in addition to the application can also be downloaded other files. Doctor Web analysts have identified include both new and already known malware belonging to several families, such as Trojans Android.SmsSend and Android.Backdoor.
Thus, the cybercriminals can attack the owners of Android devices according to different scenarios, using for this purpose the types of malicious applications, ranging from ordinary SMS Trojans, Trojans advanced spyware. In addition, another potential way to use these type of Trojan downloader version is on sending legitimate applications and games, with installation where fraudsters derive financial benefits. It is worth noting that when you try to install programs downloaded by Trojans on mobile devices, required confirmation of this action by the user. It is therefore necessary to pay special attention when approving installation of the software, which does not knowingly married to your device. The second version of the dropper Android.MulDrop.18.origin contains, in contrast to the first, unencrypted versions of the Trojan downloader type, added the virus as Android.DownLoader.59.origin and Android.DownLoader.61.origin. The mechanism of the remote server connection is somewhat different from that which is implemented in the case of Android.DownLoader.57.origin and Android.DownLoader.60.origin, but the ultimate goal of their actions remains unchanged and consists of downloading and installing the application on the device mobile with Android. 
No comments:
Post a Comment